Nearly tenfold jump in phishing instances last year: CSA report

Lester Hio
on 20 Jun 2018

The Straits Times

Share

Agency flags rising number of cyberthreats in S'pore even as cybercrime cases increase

Phishing instances here increased by almost 10 times last year, a report showed.

These were part of a rising number of cyberthreats in Singapore, including more instances of website defacement, malware infections and ransomware.

This mirrors the rise of cyber attacks globally, according to an annual report by the Cyber Security Agency of Singapore (CSA), which outlines the growing threat from hackers and malicious software.

The 50-page Singapore Cyber Landscape 2017 report, which was released by the CSA yesterday, showed an almost tenfold increase in phishing URLs with a Singapore link last year.

There were 23,420 links found, up from 2,512 in 2016. The large jump was in part due to the CSA analysing more data points last year than in 2016, which yielded more phishing attempts.

Phishing refers to using a fake website designed to look like a real one of a particular service to trick users into giving up their user names and log-in information.

Technology companies such as Microsoft and Apple were the favourite targets for hackers, with their names making up about 40 per cent of the observed phishing URLs. Government agencies, such as the Inland Revenue Authority of Singapore and Singapore Police Force, were also targeted.

Mr Tim Wellsmore, director of government security programmes at cyber-security firm FireEye, said the increased number of cyber-threats could also be attributed to better detection techniques.

"As countries and nations get better in improving their capabilities and ability to check and respond to threats, we are seeing the cyber-threat actors change up their approaches," he added.

"It is harder and harder to target companies as they implement better security solutions, so they focus on the weaker link, and that is people. And that is what phishing e-mails do."

There were also more website defacement incidents, with 2,040 cases, up from 1,750 in 2016. The main targets were mainly small and medium-sized enterprises from the manufacturing, retail and information technology sectors.

Incidents of ransomware also rose, with 25 cases reported last year, up from 19 in 2016.

The report, now in its second year, also noted that malware infections are increasing.

The CSA found about 750 unique command and control servers in Singapore, which act as the main computers used to issue instructions to other computers infected with malware.

More than 400 different malware types were found to have infected computers here. Five particular variants accounted for more than half of the systems infected daily, including the globally widespread WannaCry malware, which wreaked havoc across networks in May last year.

Cybercrime cases also rose, said the police. There were 5,430 cybercrime cases reported last year, up from 5,175 in 2016. Victims lost more than $95 million last year. The highest loss in a single case came from an Internet love scam, in which a victim lost about $6 million.

CSA chief executive David Koh, who is also Singapore's Commissioner of Cybersecurity, added that there has also been a shift from profit-motivated attacks towards those aimed at causing massive disruptions.

"As we continue our Smart Nation push, we have to raise our cyber hygiene and defences, especially against cyber attackers who are getting better resourced and skilled," he said.

The views, material and information presented by any third party are strictly the views of such third party. Without prejudice to any third party content or materials whatsoever are provided for information purposes and convenience only. Council For The Third Age shall not be responsible or liable for any loss or damage whatsoever arising directly or indirectly howsoever in connection with or as a result of any person accessing or acting on any information contained in such content or materials. The presentation of such information by third parties on this Council For The Third Age website does not imply and shall not be construed as any representation, warranty, endorsement or verification by Council For The Third Age in respect of such content or materials.